Summary I came across a fairly interesting VBS-based DanaBot downloader the other day, and I figured it was worth doing a quick write-up on the obfuscation scheme and a few of the other TTPs I observed. The social engineering pretext used in this campaign was interesting as it leveraged an “unclaimed property” themed lure and…
All posts in Tutorial
Quick Post: Analysis of a BokBot (IcedID) Maldoc
Summary BokBot is a modular banking trojan that possesses a robust capability for credential theft, wire fraud, and more. In this blog, we will take a quick look at a recent BokBot maldoc in order to gain some insights into the operator’s TTPs along with hopefully learning a few things about Microsoft’s VBA, which appears…
Analysis of Valak Maldoc
Summary The Valak malware variant appears to be an emerging threat due to an increased volume of campaign activity by its operators. Besides its relative newness, Valak is also noteworthy for a few of its other operational aspects such as an interesting execution chain and some unconventional tactics leveraged in the VB macro script of…
Who Should Take the CISSP Exam and How to Pass?
estimated read time = 5 minutes Introduction and Context The Certified Information Systems Security Professional (CISSP) is one of the most well-known cybersecurity certifications offered to professionals today. It is an independent and vendor-neutral certification offered by The International Information System Security Certification Consortium, better known as (ISC)². This certification is highly sought after by…
How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 3
read time = 5 minutes Summary This is the third in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 and Part 2 for some additional background. The following techniques are presented as an alternative to automated sandboxes, which are effective and powerful tools. However, as we showed in Part…
How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 2
read time = 4 minutes Summary This is the second in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 for some additional background. The following techniques are presented as an alternative to automated sandboxes, which are effective and powerful tools. However, as we showed in Part 1, they may…
How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 1
read time = 3 minutes Summary: The goal of this tutorial series is to show analysts a variety of methods to extract IOCs from malicious document samples as an alternative to a reliance on automated sandboxes. Sandboxes are valuable tools, but in many cases (with default settings) they may not provide full details and critical…